09-10-2013 03:59 AM - edited 02-21-2020 07:08 PM
Hello,
I use an ASA5505 running ASA verion 9.1.(2).
I upgraded my AnyConnect packages to 3.1.04066 (win and osx) from 3.1.0.04059 yesterday and now I can no longer connect to the ASA with my OSX-client. Windows client still works fine and connects to the ASA.
The ASA is using a self-signed certificate and no other changes have been made but changing the webdeployment-packages containing the client for Windows and OSX.
I get two errormessages:
First:
Second:
Any thoughts on this problem?
I have tried to remove the .anyconnect file under the users home folder in OSX.
I have reinstalled the client on the OSX-computer
Regenerated a new certificate on the ASA and that certificate works fine with the wondows client but no luck with OSX.
Best regards
// Fredrik M
09-11-2013 01:16 AM
Have you checked this one:
https://tools.cisco.com/bugsearch/bug/CSCug13458/?referring_site=ss
Michael
Please rate all helpful posts
09-11-2013 11:23 PM
I red about the bug but could not find the appropriate certificate in the keychain-access application to do a Always trust so no luck there.
Downgraded the OSX-client back to 3.1.0.04059 and then everything works again for OSX-users. But I ket the new one for Windows where the new version works just fine.
I haven't tried if I get the same problem with a public certificate, the ASA I'm working on right now only uses self-signed certificates generated on the ASA.
/ Fredrik
09-23-2013 09:55 AM
I am seeing the exact same issue and exact same results.
10-17-2013 11:36 PM
The problem is with FIPS (Federal Information Processing Standard). On default ASA disables it but in 3.1.04066 OSX client there's a bug that forces it on. FIPS wont accept default self-signed certificates and prevents the connection.
To fix the issue, upgrade or downgrade your client. Currently newest version is 3.1.04072 that also has some improvements for OSX 10.9
The root of the problem is still the default self-signed certificate that anyconnect uses. This might also cause annoying security warning pop-ups whenever a user connects to an ASA with these default certificate settings.
Check this, Example Set 3, Scenario C.
Had the same problem and this is my impression of the reasons for this problem. Someone can correct me if there's any mistakes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide